docker-scout-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official installation script for Docker Scout from Docker's public GitHub repository (github.com/docker/scout-cli). This is a well-known and expected source for the tool's installation.
- [REMOTE_CODE_EXECUTION]: Includes documentation and examples of remote script execution (e.g., downloading and running shell scripts). These patterns are used exclusively as educational material to demonstrate 'UNSAFE' patterns for the agent to detect in user code or to illustrate 'SAFE' verification methods (checksumming).
- [CREDENTIALS_UNSAFE]: Contains hardcoded credential placeholders (e.g., 'DB_PASSWORD=hunter2') within code blocks. These are explicitly labeled as illustrative examples of security vulnerabilities for the agent to identify during its scanning process.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Network operations are limited to tool installation and legitimate scanning activities through the Docker Scout API.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external, potentially untrusted Dockerfiles and container configurations.
- Ingestion points: Reads Dockerfile and docker-compose.yml files (SKILL.md).
- Boundary markers: Not explicitly defined for raw file reads.
- Capability inventory: Executes shell commands (docker, cat) through the agent's environment.
- Sanitization: Uses structured JSON output when interacting with Docker Scout, reducing the risk of parsing-based injection. The risk is inherent to the task of scanning user-provided configuration files.
Recommendations
- INFO: Downloads code from trusted source(s): https://raw.githubusercontent.com/docker/scout-cli/main/install.sh
Audit Metadata